nanog mailing list archives
Re: Ping flooding (fwd)
From: Michael Dillon <michael () memra com>
Date: Mon, 8 Jul 1996 16:24:02 -0700 (PDT)
Are there any procedures in place to track down this kind of network abuse. In particular, is it possible that it is a stealth attack? Before you answer, take note that this is going to appear in Bob Metcalfe's column next week. ---------- Forwarded message ---------- Date: Mon, 8 Jul 1996 15:30:43 -0600 (MDT) From: Kevin Rosenberg <kevin () cyberport com> Reply-To: inet-access () earth com To: inet-access () earth com Subject: Re: Ping flooding Resent-Date: Mon, 8 Jul 1996 15:30:53 -0600 (MDT) Resent-From: inet-access () earth com
Some months later we had an incident of massive amounts of forged email from a site called SUNSETDIRECT.COM. For several weeks they sent forged
We are currently undergoing a ping flood attack, though our upstream provider has filtered icmp from the host so the flood is no longer affecting our T1 line. The system administrator of the site that appears to be flooding us doesn't believe his site is the source of the attack. He states that he can't see the icmp packets, though I don't know how he is sniffing his wire. My questions are these: Is it possible for someone to forged the source IP address of an icmp packet? If so, do they have to be in some routing proximity, or can they forge the source address while they are connected from anywhere in the world? Thanks! -------------------------------------------------------------------- Kevin Rosenberg | CyberPort Station Chief System Administrator | The Finest Internet Service Possible! kevin () cyberport com | http://www.cyberport.com Finger kevin () cyberport com for PGP Public Key -------------------------------------------------------------------- ============================== ISP Mailing List ============================== Email ``unsubscribe'' to inet-access-request () earth com to be removed. Do not post flames to the list -- if you must flame, use private email. - - - - - - - - - - - - - - - - -
Current thread:
- Re: Ping flooding (fwd) Michael Dillon (Jul 08)
- Re: Ping flooding (fwd) George Eddy (Jul 08)
- Re: Ping flooding (fwd) Michael Dillon (Jul 08)
- Re: Ping flooding (fwd) Paul A Vixie (Jul 08)
- Re: Ping flooding (fwd) Curtis Villamizar (Jul 09)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 08)
- Re: Ping flooding (fwd) Michael Dillon (Jul 08)
- Re: Ping flooding (fwd) Daniel W. McRobb (Jul 08)
- Re: Ping flooding (fwd) Michael Dillon (Jul 08)
- Re: Ping flooding (fwd) Nevin Williams (Jul 08)
- Re: Ping flooding (fwd) Michael Dillon (Jul 09)
- Re: Ping flooding (fwd) Michael Dillon (Jul 08)
- Re: Ping flooding (fwd) George Eddy (Jul 08)